With “billions of dollars” bandied about in the news of Malaysia continually these days, it may seem that we have become de-sensitised to yet another quantum in the realm of billions. Yet, it is no inconsequential matter that Malaysian organisations stand to be ‘depleted’ of US$12.2 billion in economic losses to the dark labyrinth of cybersecurity threats.

In comparison, the potential economic loss across Asia Pacific due to security incidents was at US$1.745 trillion in 2017, which is 7% of the region’s total GDP of US$24.33 trillion. Still, Malaysia’s US$12.2 billion is a staggering amount, accounting for 4 percent of Malaysia’s total GDP of US$296 billion.

Such were the sobering findings of a study commissioned by Microsoft in collaboration with Frost & Sullivan, entitled “Understanding the Cybersecurity Threat Landscape in Asia Pacific: Securing the Modern Enterprise in a Digital World”. To calculate the cost of cybercrime, Frost & Sullivan has created an economic loss model based on macro-economic data and insights shared by 1300 survey respondents ranging from business to IT decision makers, from mid-sized to large organisations. This model factors in three kinds of losses which could be incurred due to a cybersecurity breach:

Direct: Financial losses associated with a cybersecurity incident, which includes the loss of productivity fines, remediation cost, etc;

Indirect: The opportunity cost to the organisation such as customer churn due to reputation loss; and

Induced: The impact of cyber breach to the broader ecosystem and economy, such as the decrease in consumer and enterprise spending.

In addition to financial losses, there is the added undermining of Malaysian organisations’ ability to capture future opportunities in today’s digital economy, simply because they are afraid to be mired in such cyber threats. As many as 62 percent of survey respondents stated that their enterprises have put off digital transformation efforts precisely due to these breaches.

Although high-profile cyberattacks such as ransomware have been garnering a lot of attention, the study found that for organisations in Malaysia, data exfiltration and data corruption are the biggest concerns as they have the highest impact with the slowest recovery time.

Addressing these breaches

In the current rapidly changing business climate, where new business models and routes to market are created or changed frequently and quickly, digital transformation is a key enabler, and the success and competitiveness of organisations depends upon it. By not transforming, Dr. Dzahar Mansor (National Technology Officer, Microsoft Malaysia) likened it to an example of a cottage industry still stuck in that realm when every other industry has mechanized.

Can one really delay digital transformation because of the all-too-real cyberthreats …. at the cost of being irrelevant?

One wouldn’t recommend it. Instead, the answer lies in armouring an organisation with these cybersecurity strategies:

Position cybersecurity as a digital transformation enabler: Disconnect between cybersecurity practices and digital transformation effort creates a lot of frustration for the employees. Cybersecurity is a requirement for digital transformation to guide and keep the company safe through its journey. Conversely, digital transformation presents an opportunity for cybersecurity practices to abandon aging practices to embrace new methods of addressing today’s risks;

Continue to invest in strengthening your security fundamentals: Over 90 percent of cyber incidents can be averted by maintaining the most basic best practices. Maintaining strong passwords, conditional use of multi-factor authentication against suspicious authentications, keeping device operating systems, software and anti-malware protection up-to-date and genuine can raise the bar against cyberattacks. This should include not just the tool-sets but also training and policies to support a stronger fundamental. After all, employees themselves are often the weakest link.

Assessment, review and continuous compliance: The organisation should be in a continuous state of compliance. Assessments and reviews should be conducted regularly and the board should keep tabs on not just compliance to industry regulations but also how the organisation is progressing against security best practices; and

Leverage AI and automation to increase capabilities and capacity: With security capabilities in short supply, organisations need to look to automation and AI to improve the capabilities and capacity of their security operations. Current advancements in AI has shown a lot of promise, not just in raising detections that would otherwise be missed but also in reasoning over how the various data signals should be interpreted with recommended actions. Such systems have seen great success in cloud implementations where huge volumes of data can be processed rapidly. Ultimately, leveraging automation and AI can free up cybersecurity talents to focus on higher-level activities.

“Microsoft is empowering businesses in Malaysia to take advantage of digital transformation by enabling them to embrace technology that’s available to them, securely through its secure platform of products and services, combined with unique intelligence and broad industry partnerships,” said Mansor.

This study is but one example of Microsoft’s approach towards creating a safer cyberspace for everyone.